thesims4_game_downloader.exe

File Validated

This is the InstallMetrix bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application thesims4_game_downloader.exe by File Validated has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallMetrix Software installer. The file has been seen being downloaded from pcfileddl.com.
Publisher:
File Validated  (signed and verified)

MD5:
9b49a1ad13cdf6fe653c3feb42d8d00a

SHA-1:
0ab6776a9fe12e83068a1c1e9d8ba8f260f2277f

SHA-256:
5842657c7eb53c4feea75c3954cfe88a0d7b0e3ce380f96b3fcc6600eaae6f2e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 3:43:55 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallMetrix (M)
16.7.31.22

File size:
1.1 MB (1,144,072 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallMetrix Software

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\thesims4_game_downloader.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
2/26/2015 7:00:00 PM

Valid to:
2/27/2016 6:59:59 PM

Subject:
CN=File Validated, OU=File Validated, O=File Validated, L=San Francisco, S=California, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1C96D72469336B0857534EE1D7E9701D

File PE Metadata
Compilation timestamp:
4/21/2015 7:44:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:xtb20pkaCqT5TBWgNQ7a6Q8P/tOmjcl/qe1Fy7L6A:CVg5tQ7a6pP/tOmAjWP5

Entry address:
0x25F74

Entry point:
E8, 6A, CE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 
[+]

Entropy:
7.0550

Code size:
557.5 KB (570,880 bytes)

The file thesims4_game_downloader.exe has been seen being distributed by the following URL.

Remove thesims4_game_downloader.exe - Powered by Reason Core Security